CVE-2022-25328

EUVD-2022-1242

25.02.2022, 11:15

The bash_completion script for fscrypt allows injection of commands via crafted mountpoint paths, allowing privilege escalation under a specific set of circumstances. A local user who has control over mountpoint paths could potentially escalate their privileges if they create a malicious mountpoint path and if the system administrator happens to be using the fscrypt bash completion script to complete mountpoint paths. We recommend upgrading to version 0.3.3 or above

OS Command Injection

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	5 MEDIUM	LOCAL	LOW	LOW	CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
Google	CNA	5 MEDIUM	LOCAL	LOW	LOW	CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 9%

Affected Products (NVD)

Vendor	Product	Version
google	fscrypt	𝑥 < 0.3.3

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

fscrypt

bookworm	0.3.3-1 fixed
bullseye	no-dsa
buster	no-dsa
sid	0.3.5-1 fixed
trixie	0.3.5-1 fixed

Ubuntu Releases

Ubuntu Product

Codename

fscrypt

bionic	not-affected
focal	not-affected
impish	not-affected
jammy	not-affected
trusty	ignored
xenial	ignored

Common Weakness Enumeration

CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
The software constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

References

https://github.com/google/fscrypt/pull/346